
The Justice Department has announced charges against a Russian citizen, Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 20 years old, from the Chechen Republic. Astamirov has been charged for his involvement in numerous cyberattacks, including the deployment of LockBit ransomware, against computer systems in the United States, Asia, Europe, and Africa.
Deputy Attorney General Lisa O. Monaco said:
“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable. In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.”
LockBit ransomware is a type of malware that infects computers and encrypts files, making them inaccessible to the user. The attackers behind LockBit then demand a ransom in exchange for the decryption key needed to restore the files.
LockBit is a relatively new ransomware strain, first appearing in September 2019. It is believed to be the successor to earlier ransomware strains such as BitPaymer and Ryuk, and is known for its fast encryption process and its ability to spread quickly through a network. The ransomware is typically spread through phishing emails or by exploiting vulnerabilities in software or systems.
From August 2020 to March 2023, Astamirov allegedly conspired with other members of the LockBit ransomware campaign to commit wire fraud, intentionally damage protected computers, and make ransom demands through the use of ransomware. Astamirov directly executed at least 5 attacks against victim computer systems in the US and internationally, according to a criminal complaint filed in the District of New Jersey.
Astamirov is the third defendant charged by the office in the LockBit global ransomware campaign, and the second defendant to be apprehended.
According to the criminal complaint, LockBit ransomware was first seen around January 2020. LockBit actors have carried out over 1,400 attacks against victims globally, with over $100 million demanded in ransom and tens of millions of dollars received in actual ransom payments made using bitcoin.
To support his LockBit-related activities, Astamirov owned, controlled, and used various email addresses, Internet Protocol (IP) addresses, and other online provider accounts. These accounts allowed him and his co-conspirators to deploy LockBit ransomware and communicate with their victims. In at least one instance, law enforcement was also able to trace a portion of a victim’s ransom payment to a virtual currency address controlled by Astamirov.
FBI Deputy Director Paul Abbate said:
“The FBI is committed to pursuing ransomware actors like Astamirov, who have exploited vulnerable cyber ecosystems and harmed victims. We, in collaboration with our federal and international partners, are fully committed to the permanent dismantlement of these types of ransomware campaigns that intentionally target people and our private sector partners. We will continue to leverage every resource to prevent this type of malicious, criminal activity.”
Astamirov is accused of conspiring to commit wire fraud and of conspiring to intentionally damage protected computers and transmit ransom demands. If convicted, he could face up to 20 years in prison on the first charge and up to five years in prison on the second charge. Both charges could also result in a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greater.
This announcement comes after LockBit-related charges were brought in two other cases in the District of New Jersey. In November 2022, the department announced criminal charges against Mikhail Vasiliev, a dual Russian and Canadian national, who is currently in custody in Canada awaiting extradition to the United States. In May 2023, the department announced the indictment of Mikhail Pavlovich Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware variants against victims in the United States and abroad.